3

I am working with BASEX (an XML Database) and i am trying to connect to the http server for performing REST request using Ajax. My code work well in IE but doesn't work with Firefox or Chrome. I tried two ways for the ajax query.

Here is the first :

var jqxhr = $.get( "http://localhost:8984/rest/factbook?query=//city&wrap=yes", function(data)

This code works on IE but doesn't works on other browser, after some research I found that there is a problem with the origin:

origin null is not allowed by access-control-allow-origin

And the second :

$.ajax({
    type: "GET",
    url: "http://localhost:8984/rest/factbook?query=//city&wrap=yes",
    contentType: "xml/application",
    dataType: "xml",

This code works on IE and got a 404 error on other browser.

I tried to put my script on a wamp server but I got the same error :

origin http:/localhost is not allowed by access-control-allow-origin

I also tried to replace local host by the ip of the computer but I got the same error.

Can someone help me please ?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Ronan sistema
  • 31
  • 1
  • 2
  • 3
    because http://localhost and http://localhost:8984 are seen as different domains. See the same origin policy. – epascarello Oct 17 '13 at 13:19
  • The server serving your file must return a header called `Access-Control-Allow-Origin` with a value of * to allow all domains or specific domain name – Ahmad Oct 17 '13 at 13:20

2 Answers2

2

I guess the reason you can not get it work is that some server side coding are needed.

Try this, add the Access-Control-Allow-Origin header to the HTTP response and set the value to *. Here's a piece of Java code for your information.

response.setHeader("Access-Control-Allow-Origin", "*")

rene
  • 41,474
  • 78
  • 114
  • 152
Aaron
  • 573
  • 1
  • 5
  • 15
1

As you have discovered, some browsers do not allow CORS request to be made if the page is served from disk (null origin). This is because it is considered a security risk since all files on disk including /home/myself/mycode.html and /tmp/84d8da9/dangerous_trojan.html share the same domain: the disk. If IE allows this then it should be considered a bug. Indeed, null origin (the disk) even disallows regular non-CORS xmlHTTPrequest.

Some browsers go even further in not allowing local domains such as localhost or 127.0.0.1 or ::1 to make CORS requests. So it is not enough to simply serve the page from a server.

The work-around is to give your page a domain name. For development purposes you don't have to buy a domain name. It's enough to simply modify the hosts file of the machine your browser is on.

I may have misunderstood your question. If you're not attempting a CORS request then the error is simply due to the same-origin policy (which CORS is supposed to work-around). So the solution is to simply make sure that the web page and ajax source are both served from the same domain. Regular non-CORS ajax works on local domains so make sure both your web page and the ajax source are served either from http://localhost/ or http://localhost:8984/. If you want localhost to be able to make ajax requests to localhost:8984 you'll have to implement CORS on the localhost:8984 server.

slebetman
  • 109,858
  • 19
  • 140
  • 171